Plans for an emergency response unit

May 2012

As the number of cyber attacks increases, eolas outlines the Government’s plans to strengthen cyber security.

The Government has moved to create a computer emergency response unit in order to protect state assets and infrastructure. The Department of Communications, Energy and Natural Resources ran a tender last October for a consultant to work in this unit and organise structured exercises, manage incidents involving malicious software and share information about computer vulnerabilities. The tender was won by UCD’s Centre for Cybersecurity and Cybercrime Investigation. Communications Minister Pat Rabbitte has said that it will assist in “identifying and protecting Irish businesses from cyber attacks.”

Work performed by the unit will complement that done by the Irish Reporting and Information Security Service (IRISS). Established in 2008, the not-for-profit organisation provides free security advice and alerts to organisations and is funded by donations and corporate sponsorship.

The vulnerability of public network and information security has been illustrated in recent years through events such as the hacking of the CAO’s website in August 2010 on the morning college place offers went online, and the Department of Justice and Equality’s website in January 2012.

Such cyber attacks are known as ‘denial of service’ attacks. They occur when ‘hacktivists’ rig computers to overwhelm the target site with bogus information requests.

In April, Estonian President Toomas Hendrik Ilves said that Ireland should join the NATO-sponsored Cooperative Cyber Defence Centre of Excellence because all countries that acquired income from intellectual property were being subject to constant economic cyber espionage. A spokesman for the department has confirmed to eolas that the new unit will work with the Tallinn-based centre. Established in 2008, the centre’s core areas of research include legal and policy areas of cyber security and protection of critical information infrastructure. Eleven countries are currently involved with the centre. Representatives from the department’s new unit will be attending cyber training conferences at the NATO centre later this year.

Rabbitte is also working on a national cyber security strategy, which will be published in the coming months. This follows on from a report commissioned on cyber attacks by former Communications Minister Eamon Ryan in August 2009. Conducted by Epsion, it dealt with detection and reaction to attacks, public awareness of threats and appropriate responses, but the department says that it doesn’t intend releasing either the report or its recommendations.

IRISS’s most recent figures show that between January and October 2011, 441 security breaches were reported. 408 sites were hijacked for phishing scams (attempts to acquire information or money through electronic means) and 33 incidents involved compromised records. Five of the 33 cases related to reported intellectual property theft.

Globally, figures show a rise in cyber security risk. The 2011 Verizon report on data breach investigations reported 174 million incidents of data loss (in 36 countries) after reaching an all-time low of 4 million in 2010. Last year’s figure is the second highest data loss recorded since record-keeping began in 2004. “Mainline cybercriminals continued to automate and streamline their method du jour of high-volume, low-risk attacks against weaker targets,” the report found. “Much less frequent, but arguably more damaging, were continued attacks targeting trade secrets, classified information, and other intellectual property.”

Related Articles

Government departments’ AI approaches

Public procurement buyers should act now to retain past competition data

Innovation in public services

National Data Infrastructure: Data as a strategic asset to the public service